1. Technical Field
This invention relates to a method of, and system for, attesting a virtual machine migrating from a first environment to a second environment. More specifically, the invention provides the re-attestation of migrated virtual machines.
2. Description of the Related Art
A virtual machine provides a complete system platform which supports the execution of an operating system. An essential characteristic of a virtual machine is that the software run by the virtual machine is limited to the resources and abstractions provided by the virtual machine. In the case of virtual machine migration, the entire memory contents of the running system is moved over the network as it migrates from a source physical system to a target physical system. When the memory pages are moved over the network, they are more vulnerable to a particular type of cyber attack.
It is the case in virtual machine migration that the attestation on the original physical system may have been less stringent than what is required by the security level of the target system. For example security zones can be used within a private cloud which has a test zone and a release zone. These operational zones would have different security policies based on the sensitivity of the data being processed and the criticality of the systems operating within the perspective zones. The separate security policies governing these zones could include trusted boot requirements, security configuration, firewall and anti-virus software, for example.
The virtual machines in the test zone are instantiated and removed frequently, as is the nature of test systems. Once a test system is approved for release for general availability, it would be migrated out to the release zone. However the release zone would have stricter security requirements. The enterprise would want this migration to proceed with the same automation and ease of migration, and with the (re)attesting to a higher security level integrated into this process.